Re: A Little Help With Disk Cleaning/security

From: Moe Trin (ibuprofin_at_painkiller.example.tld)
Date: 09/11/05


Date: Sat, 10 Sep 2005 17:14:30 -0500

In the Usenet newsgroup alt.computer.security, in article
<4322CDA1.1040505@stevew.net>, Steve Welsh wrote:

>>If it was classified, "some ill-intentioned person" won't have access
>> to that machine unless they are cleared.

I agree with Ken here - the correct word is "shouldn't" not "won't"

>http://news.bbc.co.uk/1/hi/technology/3109602.stm
>
>and then tell me that it is not possible for a hard drive to get into
>the wrong hands ;)

You may note that the article is quoting a Thales spokesman, whose
company stands to make a tidy pile of currency to implement the
disk encryption scheme. I am a bit surprised that this isn't in
place already - we've been encrypting disks that temporarily leave
our facilities for over ten years, and we're just a corporate R&D
division. The only thing that leaves our facility without paperwork
is the trash - which is shredded before it gets to the door.

Not withstanding that (I've also see the information released by the
UK government in response to a question in the house - see Risks-Digest
volume 23 issue 94 for one recent reference), under normal circumstances
the poor sod who was assigned the hardware that disappeared is often in
extremely deep weeds as a result. Most agencies dealing with classified
data don't take kindly when it either turns up missing, or is splashed
across the front page of some news paper or equal. Can you say "career
limiting move" - I thought you could. As a consequence, second
occurrences are "rare" even in the same department/division.

        Old guy